Way OT but I know some of you guys are really good w/ the computer
stuff.
Since last Monday I've been getting intermittent (about every half hour
when I'm online) dialogue boxes that jump up out of nowhere asking me
to "Please enter a name and password for the realm 'Zope' on host
www.hunstville.org"
Of course I cancel these boxes. But does anyone have any idea what it's
from, or how I can permanently end it?
I'm running OmniWeb on a Mac, BTW.
Thanks,
H
In article <[email protected]>,
hylourgos <[email protected]> wrote:
> Way OT but I know some of you guys are really good w/ the computer
> stuff.
>
> Since last Monday I've been getting intermittent (about every half hour
> when I'm online) dialogue boxes that jump up out of nowhere asking me
> to "Please enter a name and password for the realm 'Zope' on host
> www.hunstville.org"
>
> Of course I cancel these boxes. But does anyone have any idea what it's
> from, or how I can permanently end it?
>
> I'm running OmniWeb on a Mac, BTW.
There's no way it's a virus or spyware unless your the first Mac OS X
user to be infected, ever.
And www.hunstville.org doesn't exist, as far as I can determine. Are
you sure that's the domain?
--
The moral difference between a soldier and a civilian is that the soldier
accepts personal responsibility for the safety of the body politic of which he
is a member. The civilian does not. Robert A. Heinlein
In article <[email protected]>,
hylourgos <[email protected]> wrote:
> Oops, I misspelled the domain. It should read huntsville.org
That URL gives me a list of CBS and UPN channels. Perhaps for some
reason your browser is tryingto authenticate with one of them?
Puzzled,
djb
--
The moral difference between a soldier and a civilian is that the soldier
accepts personal responsibility for the safety of the body politic of which he
is a member. The civilian does not. Robert A. Heinlein
In article <[email protected]>, George Shouse
<[email protected]> wrote:
> >There's no way it's a virus or spyware unless your the first Mac OS X
> >user to be infected, ever.
>
> "I've already alluded to why Mac OS X is essentially virus-free:
> because almost nobody uses it. "
And this comment helps the OP exactly how?
--
<http://www.balderstone.ca/stfu.jpg>
With credit to Sgt Stryker's Daily Briefing at
http://www.sgtstryker.com/
Oops, I misspelled the domain. It should read huntsville.org
Otherwise, the dialogue box reads exactly as I typed it above.
I *have* visited a huntsville (AL) site, a month or so back: it was the
Unclaimed Baggage store site, but that's about all I can remember from
Huntsville (I live about an hour or so away from there).
Regards,
H
Well, you are wrong - but that is OK. The MAC OS X is the safest OS
on a consumer machine because most Windows users essentially run as
root/admin all of the time. If you logged in as root and ran
everything as root all of the time, any un*x flavor would gladly let
you overwrite system files. If MAC had 90% market share I would be
willing to bet that malware authors would run exploits.
And Mitnick's original worm ran on what OS?
Going to sharpen a plane.
Dave Hinz wrote:
> On Sun, 11 Dec 2005 14:04:44 -0600, George Shouse <[email protected]> wrote:
> > On Sat, 10 Dec 2005 23:47:30 -0600, Dave Balderstone
> ><dave@N_O_T_T_H_I_S.balderstone.ca> wrote:
> >
> >>There's no way it's a virus or spyware unless your the first Mac OS X
> >>user to be infected, ever.
>
> > "I've already alluded to why Mac OS X is essentially virus-free:
> > because almost nobody uses it. "
> > http://www.eweek.com/article2/0,1759,1777202,00.asp
>
> Yes, uninformed people are free to believe that, of course.
He's right. Mac users comprise just 2-4% of the market share,
depending on how the stats are gathered:
http://marketshare.hitslink.com/report.aspx?qprid=2
http://www.macobserver.com/article/2004/10/29.6.shtml
http://www.pcmag.com/article2/0,1759,1745930,00.asp
http://www.macworld.com/news/2005/03/20/marketshare/index.php
In article <[email protected]>, George Shouse
<[email protected]> wrote:
> So, what happens if you enter "sudo passwd root" in a terminal
> window? You don't think this could be injected in an exploit?
Unless you've deliberately gone into NetInfoMgr and enabled the root
acoount, bupkiss.
Even with root enabled, you'd have to already know an administrator
password.
Root is disabled by default in OS X. If a computer user deliberately
bypasses security measures, that is not the fault of the OS.
djb
--
The moral difference between a soldier and a civilian is that the soldier
accepts personal responsibility for the safety of the body politic of which he
is a member. The civilian does not. Robert A. Heinlein
In article <[email protected]>, Dave Hinz
<[email protected]> wrote:
> > Unless you've deliberately gone into NetInfoMgr and enabled the root
> > acoount, bupkiss.
>
> I don't think that's a NetInfo thing after 10.2 or so, is it?
I'm not sure I understand the question, but if you mean "can you enable
root via NIM on OSX after 10.2, the answer is yes. I'm running 10.4.3,
and did the experiment in order to reply to George (I ran his code with
root enabled and disabled).
> > Root is disabled by default in OS X. If a computer user deliberately
> > bypasses security measures, that is not the fault of the OS.
>
> Exactly. It ships in secure mode by default - if you want to open
> things, presumably you're capable of understanding the implications of
> doing so.
Presumably. But I've seen people in the comp.sys.mac.* groups insist
they need root while demonstrating their cluelessness in other ways. I
have a good understanding of basic *nix security and have absolutely no
need to have root enabled on my Mac.
> Don't I know you from somewhere else, Dave ;)
Maybe... Your first name rings a bell. <g>
--
"The thing about saying the wrong words is that A, I don't notice it, and B,
sometimes orange water gibbon bucket and plastic." -- Mr. Burrows
On Sun, 11 Dec 2005 14:04:44 -0600, George Shouse <[email protected]> wrote:
> On Sat, 10 Dec 2005 23:47:30 -0600, Dave Balderstone
><dave@N_O_T_T_H_I_S.balderstone.ca> wrote:
>
>>There's no way it's a virus or spyware unless your the first Mac OS X
>>user to be infected, ever.
> "I've already alluded to why Mac OS X is essentially virus-free:
> because almost nobody uses it. "
> http://www.eweek.com/article2/0,1759,1777202,00.asp
Yes, uninformed people are free to believe that, of course. But the
fundamental difference is that only Windows allows users, and their
processes, to overwrite system files. MacOS, or any of the other
unix-based operating systems, don't allow the user and his processes to
overwrite system internal files. Fundamental design, rather than market
share, are the reason for there being no viruses for Unix in general,
and MacOSX in this case.
Dave Hinz
On 12 Dec 2005 17:00:16 -0800, George <[email protected]> wrote:
> Well, you are wrong - but that is OK.
Who and what are you responding to, George? You give no context at all.
> The MAC OS X is the safest OS
> on a consumer machine because most Windows users essentially run as
> root/admin all of the time.
Yes. In part.
> If you logged in as root and ran
> everything as root all of the time, any un*x flavor would gladly let
> you overwrite system files.
Of course. This is why that's not done. MacOSX doesn't even _have_ an
account for root. Most you could do is get them to a password prompt.
> If MAC had 90% market share I would be
> willing to bet that malware authors would run exploits.
More big money lives on Unix systems; the motivation is there. The
opportunity is what isn't.
> And Mitnick's original worm ran on what OS?
Let's see. That was 30 years ago and hit what, 100 systems? And a worm
is not a virus, as you must know.
> Going to sharpen a plane.
Great. Stick to what you know, George, because computer security
apparently ain't it.
On 13 Dec 2005 12:11:26 -0800, Larry Bud <[email protected]> wrote:
>
> Dave Hinz wrote:
>> On Sun, 11 Dec 2005 14:04:44 -0600, George Shouse <[email protected]> wrote:
>> > On Sat, 10 Dec 2005 23:47:30 -0600, Dave Balderstone
>> ><dave@N_O_T_T_H_I_S.balderstone.ca> wrote:
>> >
>> >>There's no way it's a virus or spyware unless your the first Mac OS X
>> >>user to be infected, ever.
>>
>> > "I've already alluded to why Mac OS X is essentially virus-free:
>> > because almost nobody uses it. "
>> > http://www.eweek.com/article2/0,1759,1777202,00.asp
>>
>> Yes, uninformed people are free to believe that, of course.
>
> He's right. Mac users comprise just 2-4% of the market share,
> depending on how the stats are gathered:
Yes, the market share is low. No, that's not the reason that viruses
don't work on anything but Microsoft systems.
It's fine if you enjoy wallowing in Windows-world. Really. It is. But
pretending you understand why the security situation is the way it is,
when you attribute it to market share, just waves your ignorance like a
flag.
Short version: Windows allows users and their processes to change system
files. MacOSX and any other unix-based OS, do not. Short, sweet, and to
the point.
On Tue, 13 Dec 2005 17:55:57 -0600, George Shouse <[email protected]> wrote:
> On 13 Dec 2005 16:17:55 GMT, Dave Hinz <[email protected]>
> wrote:
>
>>On 12 Dec 2005 17:00:16 -0800, George <[email protected]> wrote:
>>> Well, you are wrong - but that is OK.
>>
>>Who and what are you responding to, George? You give no context at all.
>
> First time I ever used Google groups to reply to something.
> Evidently default behavior is not to quote. Kinda lame IMO.
Yeah, they've been notified by a bunch of people and seem to be
decidedly and uncharacteristically clue-resistant on the topic.
>>> If you logged in as root and ran
>>> everything as root all of the time, any un*x flavor would gladly let
>>> you overwrite system files.
>>
>>Of course. This is why that's not done. MacOSX doesn't even _have_ an
>>account for root. Most you could do is get them to a password prompt.
> So, what happens if you enter "sudo passwd root" in a terminal
> window? You don't think this could be injected in an exploit?
Do you consider opening a command line and spawning a shell as root to
be something a virus is capable of?
>>> If MAC had 90% market share I would be
>>> willing to bet that malware authors would run exploits.
>>
>>More big money lives on Unix systems; the motivation is there. The
>>opportunity is what isn't.
> I think the big money is still in VM, MVS, VMS and MPE. Some is
> moving in a *ix direction. I wouldn't be sure that what is on
> *ix is worth more than what is on server flavors of Windoze.
> However, virii, worms, phish etc are aimed at consumers - not
> datacenters.
Which explains why our windows servers don't need to be carefully
managed and filtered? That's great news; I'll let the windows guys know
that. You'll hear the laughing from wherever you are.
> Even Windows is usually secure if provisioned by
> professionals in a datacenter environment.
Right, as in, kept up to minute with virus defs, and behind real
firewalls, yes.
> Props to Apple for putting out a consumer product that is secure
> by default instead of the reverse. However, the OS on some
> consumer's or corporate worker's desktop is only a very small
> part of computer security even though it is the primary target
> for virii, phish, worms and trojans. The *ix variants have a
> very small share of the desktop market.
You're hung up on market share. The difference is in design, not
percentages.
>>> And Mitnick's original worm ran on what OS?
>>
>>Let's see. That was 30 years ago and hit what, 100 systems? And a worm
>>is not a virus, as you must know.
> Um, I called it a worm, uh, right here? It was an exploit.
I never claimed there are no Unix exploits. I mentioned the fact that
there are no Unix viruses.
>>> Going to sharpen a plane.
>>
>>Great. Stick to what you know, George, because computer security
>>apparently ain't it.
>
> You'll injure yourself leaping to conclusions like that. I
> don't know much about sharpening planes, yet.
Yeah, that was a bit un-necessarily snarky, sorry about that.
> I think that
> being close minded to available threat vectors is more dangerous
> than objectively recognizing various OSs strengths and
> weaknesses.
I am responding specifically to viruses, I didn't expand it out to
exploits in general. A "virus" which includes a procedure of "OK, now
open up a command tool and spawn a shell as root using the sudo command"
wouldn't get around much, after all.
On Tue, 13 Dec 2005 18:46:34 -0600, Dave Balderstone <dave@N_O_T_T_H_I_S.balderstone.ca> wrote:
> In article <[email protected]>, George Shouse
><[email protected]> wrote:
>
>> So, what happens if you enter "sudo passwd root" in a terminal
>> window? You don't think this could be injected in an exploit?
>
> Unless you've deliberately gone into NetInfoMgr and enabled the root
> acoount, bupkiss.
I don't think that's a NetInfo thing after 10.2 or so, is it?
> Even with root enabled, you'd have to already know an administrator
> password.
Yup.
> Root is disabled by default in OS X. If a computer user deliberately
> bypasses security measures, that is not the fault of the OS.
Exactly. It ships in secure mode by default - if you want to open
things, presumably you're capable of understanding the implications of
doing so. This is in sharp contrast to Windows' default of "take me,
big-boy" as a security model.
Don't I know you from somewhere else, Dave ;)
On Mon, 12 Dec 2005 20:06:49 -0600, George Shouse <[email protected]>
wrote:
>On Mon, 12 Dec 2005 18:42:29 -0700, Mark & Juanita
><[email protected]> wrote:
>
>>On 12 Dec 2005 17:00:16 -0800, "George" <[email protected]> wrote:
>>
... snip
>>
>> Not all of us keep the "view all messages" option turned on -- it
>>clutters up the newsreader and becomes quite cumbersome to wade through
>>both read and unread messages. Thus, the lack of context makes this
>>message quite useless, because we don't know *who* is wrong.
>>
>> ... and no, I'm not going to clutter up my viewer because people don't
>>include context.
>
>Sorry, 1st time I ever used google to reply. Evidently does not
>quote by default. Maybe that is why it is still beta.
>
Apologies if that came across as sounding harsh, there has been
discussion in the past by several posters that context was not needed
because newsreaders are capable of threaded reading, thus the message
headers should serve as context. Guess I was a little quick on the trigger
there.
+--------------------------------------------------------------------------------+
If you're gonna be dumb, you better be tough
+--------------------------------------------------------------------------------+
On 13 Dec 2005 16:17:55 GMT, Dave Hinz <[email protected]>
wrote:
>On 12 Dec 2005 17:00:16 -0800, George <[email protected]> wrote:
>> Well, you are wrong - but that is OK.
>
>Who and what are you responding to, George? You give no context at all.
First time I ever used Google groups to reply to something.
Evidently default behavior is not to quote. Kinda lame IMO.
>> The MAC OS X is the safest OS
>> on a consumer machine because most Windows users essentially run as
>> root/admin all of the time.
>
>Yes. In part.
>> If you logged in as root and ran
>> everything as root all of the time, any un*x flavor would gladly let
>> you overwrite system files.
>
>Of course. This is why that's not done. MacOSX doesn't even _have_ an
>account for root. Most you could do is get them to a password prompt.
So, what happens if you enter "sudo passwd root" in a terminal
window? You don't think this could be injected in an exploit?
>> If MAC had 90% market share I would be
>> willing to bet that malware authors would run exploits.
>
>More big money lives on Unix systems; the motivation is there. The
>opportunity is what isn't.
I think the big money is still in VM, MVS, VMS and MPE. Some is
moving in a *ix direction. I wouldn't be sure that what is on
*ix is worth more than what is on server flavors of Windoze.
However, virii, worms, phish etc are aimed at consumers - not
datacenters. Even Windows is usually secure if provisioned by
professionals in a datacenter environment.
Props to Apple for putting out a consumer product that is secure
by default instead of the reverse. However, the OS on some
consumer's or corporate worker's desktop is only a very small
part of computer security even though it is the primary target
for virii, phish, worms and trojans. The *ix variants have a
very small share of the desktop market.
>> And Mitnick's original worm ran on what OS?
>
>Let's see. That was 30 years ago and hit what, 100 systems? And a worm
>is not a virus, as you must know.
Um, I called it a worm, uh, right here? It was an exploit. It
could've replaced cron with a viral version but did not. It had
root. As far as I know all *ix still has root.
>> Going to sharpen a plane.
>
>Great. Stick to what you know, George, because computer security
>apparently ain't it.
You'll injure yourself leaping to conclusions like that. I
don't know much about sharpening planes, yet. I think that
being close minded to available threat vectors is more dangerous
than objectively recognizing various OSs strengths and
weaknesses.
Have a nice day. I hope the OP figures out his problem.
On Sat, 10 Dec 2005 23:47:30 -0600, Dave Balderstone
<dave@N_O_T_T_H_I_S.balderstone.ca> wrote:
>In article <[email protected]>,
>hylourgos <[email protected]> wrote:
>
>> Way OT but I know some of you guys are really good w/ the computer
>> stuff.
>>
>> Since last Monday I've been getting intermittent (about every half hour
>> when I'm online) dialogue boxes that jump up out of nowhere asking me
>> to "Please enter a name and password for the realm 'Zope' on host
>> www.hunstville.org"
>>
>> Of course I cancel these boxes. But does anyone have any idea what it's
>> from, or how I can permanently end it?
>>
>> I'm running OmniWeb on a Mac, BTW.
>
>There's no way it's a virus or spyware unless your the first Mac OS X
>user to be infected, ever.
"I've already alluded to why Mac OS X is essentially virus-free:
because almost nobody uses it. "
http://www.eweek.com/article2/0,1759,1777202,00.asp
On Mon, 12 Dec 2005 18:42:29 -0700, Mark & Juanita
<[email protected]> wrote:
>On 12 Dec 2005 17:00:16 -0800, "George" <[email protected]> wrote:
>
>>Well, you are wrong - but that is OK. The MAC OS X is the safest OS
>>on a consumer machine because most Windows users essentially run as
>>root/admin all of the time. If you logged in as root and ran
>>everything as root all of the time, any un*x flavor would gladly let
>>you overwrite system files. If MAC had 90% market share I would be
>>willing to bet that malware authors would run exploits.
>>
>>And Mitnick's original worm ran on what OS?
>>
>>Going to sharpen a plane.
>
> Not all of us keep the "view all messages" option turned on -- it
>clutters up the newsreader and becomes quite cumbersome to wade through
>both read and unread messages. Thus, the lack of context makes this
>message quite useless, because we don't know *who* is wrong.
>
> ... and no, I'm not going to clutter up my viewer because people don't
>include context.
Sorry, 1st time I ever used google to reply. Evidently does not
quote by default. Maybe that is why it is still beta.
If you care, it was a claim that I was uninformed regarding OSs.
On 12 Dec 2005 17:00:16 -0800, "George" <[email protected]> wrote:
>Well, you are wrong - but that is OK. The MAC OS X is the safest OS
>on a consumer machine because most Windows users essentially run as
>root/admin all of the time. If you logged in as root and ran
>everything as root all of the time, any un*x flavor would gladly let
>you overwrite system files. If MAC had 90% market share I would be
>willing to bet that malware authors would run exploits.
>
>And Mitnick's original worm ran on what OS?
>
>Going to sharpen a plane.
Not all of us keep the "view all messages" option turned on -- it
clutters up the newsreader and becomes quite cumbersome to wade through
both read and unread messages. Thus, the lack of context makes this
message quite useless, because we don't know *who* is wrong.
... and no, I'm not going to clutter up my viewer because people don't
include context.
+--------------------------------------------------------------------------------+
If you're gonna be dumb, you better be tough
+--------------------------------------------------------------------------------+
"hylourgos" <[email protected]> wrote in message
news:[email protected]...
> Way OT but I know some of you guys are really good w/ the computer
> stuff.
>
>
It may be what is called 'phishing' the huntsville site is really a blind to
fool you, the link probably goes elsewhere. They want to trick you into
revealing your details and by using a familiar site hope to lure you into
their trap.
The network messages themselves are stopped in a windows machine by diabling
the "Messenger" service. No idea how to do that on a Mac, try searching the
help for messenger or messages.
Mekon